Revision tags: openssl-3.0.0-alpha17 |
|
#
b9385449 |
| 19-May-2021 |
Richard Levitte |
PROV: Relegate most of the FIPS provider code to libfips.a provider/fips/fipsprov.c contains a number of symbols that get used by anything that's included in libfips.a, at least on Unix.
PROV: Relegate most of the FIPS provider code to libfips.a provider/fips/fipsprov.c contains a number of symbols that get used by anything that's included in libfips.a, at least on Unix. Unfortunately, there are platforms that do not support resolving symbols to things that are already included in the end product (module in this case) being built; they only support resolving symbols with what comes next in the linking process. The offending symbols in this case are FIPS_security_check_enabled, c_thread_start and ossl_fips_intern_provider_init. We resolve this by placing provider/fips/fipsprov.c in libfips.a along with everything else there. That takes care of the offending symbols. What remains is to ensure that there is an entry point in an object file used directly when linking the module, providers/fips/fips_entry.c Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15370)
show more ...
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
47c239c6 |
| 03-Mar-2020 |
Shane Lontis |
Add pairwise consistency self tests to asym keygenerators Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10952)
|
#
36fc5fc6 |
| 15-Jan-2020 |
Shane Lontis |
Add FIPS Self test kats for digests Added an API to optionally set a self test callback. The callback has the following 2 purposes (1) Output information about the KAT tests. (2)
Add FIPS Self test kats for digests Added an API to optionally set a self test callback. The callback has the following 2 purposes (1) Output information about the KAT tests. (2) Allow the ability to corrupt one of the KAT's The fipsinstall program uses the API. Some KATS are not included in this PR since the required functionality did not yet exist in the provider. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10374)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
14a684bf |
| 18-Sep-2019 |
Matt Caswell |
Make sure we only run the self tests once Fixes #9909 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://g
Make sure we only run the self tests once Fixes #9909 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9939)
show more ...
|
#
ddd21319 |
| 04-Oct-2019 |
Richard Levitte |
Cleanup: move remaining providers/common/include/internal/*.h The end up in providers/common/include/prov/. All inclusions are adjusted accordingly. Reviewed-by: Matt Caswell <m
Cleanup: move remaining providers/common/include/internal/*.h The end up in providers/common/include/prov/. All inclusions are adjusted accordingly. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
show more ...
|
#
dec95d75 |
| 03-Oct-2019 |
Richard Levitte |
Rework how our providers are built We put almost everything in these internal static libraries: libcommon Block building code that can be used by all
Rework how our providers are built We put almost everything in these internal static libraries: libcommon Block building code that can be used by all our implementations, legacy and non-legacy alike. libimplementations All non-legacy algorithm implementations and only them. All the code that ends up here is agnostic to the definitions of FIPS_MODE. liblegacy All legacy implementations. libnonfips Support code for the algorithm implementations. Built with FIPS_MODE undefined. Any code that checks that FIPS_MODE isn't defined must end up in this library. libfips Support code for the algorithm implementations. Built with FIPS_MODE defined. Any code that checks that FIPS_MODE is defined must end up in this library. The FIPS provider module is built from providers/fips/*.c and linked with libimplementations, libcommon and libfips. The Legacy provider module is built from providers/legacy/*.c and linked with liblegacy, libcommon and libcrypto. If module building is disabled, the object files from liblegacy and libcommon are added to libcrypto and the Legacy provider becomes a built-in provider. The Default provider module is built-in, so it ends up being linked with libimplementations, libcommon and libnonfips. For libcrypto in form of static library, the object files from those other libraries are simply being added to libcrypto. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
show more ...
|
#
7bb82f92 |
| 15-Sep-2019 |
Shane Lontis |
Add fips module integrity check Add environment variable for setting CONF .include path Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openss
Add fips module integrity check Add environment variable for setting CONF .include path Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9769)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
9efa0ae0 |
| 20-Mar-2019 |
Matt Caswell |
Create a FIPS provider and put SHA256 in it Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8537)
|